Over-Permissioned MCP Skill - ATR-2026-00064 (f0943067-5ccb-5d76-97dd-af3007ff49ce)
Detects MCP skills that request or exercise permissions far exceeding what their stated function requires. A "spell checker" that requests filesystem write access, network access, and process execution is a strong signal of a trojaned or malicious skill. This rule monitors tool calls for permission-boundary violations.
| Cluster A | Galaxy A | Cluster B | Galaxy B | Level |
|---|---|---|---|---|
| AI Model Inference API Access (90a420d4-3f03-4800-86c0-223c4376804a) | MITRE ATLAS Attack Pattern | Over-Permissioned MCP Skill - ATR-2026-00064 (f0943067-5ccb-5d76-97dd-af3007ff49ce) | Agent Threat Rules | 1 |
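
A sketch of the permission-boundary check described in the rule description above, as an added example that is not the ATR rule's own logic. The permission class names, the per-function baseline, the event fields and the skill names are all assumptions made for illustration, and the events are constructed.

```python
from collections import defaultdict

# Assumed baseline: permission classes each stated function plausibly needs.
BASELINE = {"spell checker": {"fs.read"}, "web search": {"net.outbound"}}
# Assumed high-risk classes, taken from the three named in the rule description.
HIGH_RISK = {"fs.write", "net.outbound", "proc.exec"}

# Constructed tool-call events (not real telemetry); field names are assumptions.
SAMPLE_EVENTS = [
    {"skill": "spellcheck-pro", "function": "spell checker", "phase": "request", "permission": "fs.read"},
    {"skill": "spellcheck-pro", "function": "spell checker", "phase": "request", "permission": "fs.write"},
    {"skill": "spellcheck-pro", "function": "spell checker", "phase": "call", "permission": "net.outbound"},
    {"skill": "spellcheck-pro", "function": "spell checker", "phase": "call", "permission": "proc.exec"},
    {"skill": "web-lookup", "function": "web search", "phase": "call", "permission": "net.outbound"},
    {"skill": "notes-helper", "function": "note taking", "phase": "call", "permission": "fs.write"},
]


def find_violations(events, baseline=BASELINE):
    """Map each offending skill to its excess permissions and a severity."""
    observed = defaultdict(set)   # skill -> permissions requested or exercised
    stated = {}                   # skill -> stated function
    for ev in events:
        observed[ev["skill"]].add(ev["permission"])
        stated[ev["skill"]] = ev["function"]

    findings = {}
    for skill, perms in observed.items():
        # Fail closed: a function with no baseline entry is allowed nothing.
        allowed = baseline.get(stated[skill], set())
        excess = perms - allowed
        if not excess:
            continue
        # Two or more high-risk classes beyond the baseline is the strong signal.
        severity = "high" if len(excess & HIGH_RISK) >= 2 else "medium"
        findings[skill] = {
            "stated_function": stated[skill],
            "excess": sorted(excess),
            "severity": severity,
        }
    return findings


if __name__ == "__main__":
    for skill, finding in find_violations(SAMPLE_EVENTS).items():
        print(skill, finding)
```

Both requested and exercised permissions count toward the observed set, so a skill that declares little but calls beyond its declaration is flagged the same way as one that over-requests up front.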